The Hacker News — Cyber Security, Hacking, Technology News

Wishing you all a very 'belated' Merry Christmas. This holiday season Santa has a very special gift for all PlayStation gamers.

Developer SpecterDev finally released a fully-functional much-awaited kernel exploit for PlayStation 4 (firmware 4.05) today—almost two months after Team Fail0verflow revealed the technical details of it.

Now available on Github, dubbed "namedobj," the kernel exploit for the PlayStation 4 on 4.05FW allows users to run arbitrary code on the gaming console, enabling jailbreaking and kernel-level modifications to the system.

Although PS4 kernel exploit does not include Jailbreak code, others can develop a full jailbreak exploit using it.

Jailbreaking allows users to run custom code on the console and install mods, cheats, third-party applications, and games that are typically not possible because of the anti-piracy mechanisms implicated on the Sony PlayStation.

"This release, however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew," SpecterDev said.

"This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival."

It should be noted that for some users it may not work as smooth as it sounds.

"This exploit is actually incredibly stable at around 95% in my tests. WebKit very rarely crashes and the same is true with kernel. I've built in a patch so the kernel exploit will only run once on the system. You can still make additional patches via payloads," SpecterDev warned.

PS4 gamers who are running firmware version lower than 4.05 can simply update their console to take advantage of this exploit.

Of course, Sony would not be happy with the launch of PlayStation 4 kernel exploit and would be trying hard to eliminate any vulnerability for the most recent version of PS4 firmware.

After hacking social media accounts of HBO and its widely watched show Game of Thrones, a notorious group of hackers calling itself OurMine took control over the official Twitter and Facebook accounts for Sony's PlayStation Network (PSN) on Sunday.

After taking over the accounts, OurMine, Saudi Arabian group of hackers which claims to be a "white hat" security firm, posted its first tweet on Sunday evening, claiming to have breached PlayStation Network and stolen its database.

The tweet followed by a series of tweets encouraging the company to contact the hacking group through its website to buy its IT security service in an effort to protect itself from future cyber attacks.

"No, we aren't going to share it, we are a security group if you work at PlayStation then please go to our website," the followed Tweet read.

The hacking group also posted similar content on the PlayStation Network's official Facebook page that has more than 37 million followers.

Both tweets and Facebook messages posted by the hacking group were deleted shortly.

At the time, it is unclear if OurMine has access to PSN's database or their Tweets and Facebook posts were just to spread fear among the company and its customers.

However, the company suffered a massive data breach in 2011, when the PlayStation hack exposed the personal details of the entire PSN user base (over 77 Million at the time), including users names, date of births, email addresses, and credit card details.

The hacking incident was the largest identity theft on record, which forced Sony to shut down its entire system for almost a month. Anonymous took responsibility for the data breach.

Ourmine is the same hacking group that previously compromised social media accounts of major companies CEOs, including Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey, and Google CEO Sundar Pichai.

In the majority of cases, Ourmine gains access to the social media accounts by using credentials exposed in previous, publicly known data breaches.

However, the group does not seem to ever go beyond just demonstrating its ability to take over the account, without doing significant damage to the accounts or its protected information.

OurMine markets itself as a security firm that offers companies security against cyber attacks, charging up to $5,000 for a "scan" of their social media accounts, site security holes, and other security vulnerabilities.

It's once again the time when most of you will get new PlayStations and XBoxes that continue to be among the most popular gifts for Christmas, but possibilities are you'll not be able to log into the online gaming console, just like what happens on every Christmas holidays.

This time a new hacking group, who managed to take down Tumblr this week for almost two hours, has warned gamers of launching another large-scale distributed denial-of-service (DDoS) attack against XBox Live and PlayStation networks.

Calling itself R.I.U. Star Patrol, the hacking group, posted a video on YouTube, announcing that they’re planning to take down Sony’s PSN and Microsoft’s Xbox Live on Christmas Day by launching coordinated DDoS attacks.

"We do it because we can," the group said. "We have not been paid a single dollar for what we do."

On Wednesday, when R.I.U. Star Patrol took down Tumblr, the group contacted Mashable and explained its reason for attacking: "There is no sinister motive. It’s all for light hearted fun."

Neither Sony nor Microsoft has yet responded to the hackers' warning.

However, both Sony and Microsoft previously promised to enhance the protection of their systems to block any attack disrupting their networks, but downtime and short outages happened almost every Christmas time.

Knowing the current abilities of hackers to launch DDoS attack that can reach 1 Tbps, it goes without saying that both the companies should be prepared to see DDoS attacks targeting its servers on this Christmas that can go beyond their expectations.

We saw coordinated DDoS attacks against DNS hosting provider Dyn last fall that broke large portions of the Internet, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

Hackers enjoy much playing with PlayStation and Xbox, rather than playing on them. And this time, they have done some crazy things with Sony's PlayStation gaming console.

It appears that a console-hacking that goes by the name of Fail0verflow have managed to hack PlayStation 4 (PS4) to run a Linux kernel-based operating system.

Fail0verflow announced this week that they successfully cracked the PlayStation 4 and managed to install a full version of Linux on the system, turning the PlayStation 4 into a real PC.

With this latest PS4 hack, the console-hacking group gave the homebrew software community hope that Sony's popular game console will soon become a valuable tool in their arsenal.

Group Managed to Run Game Boy Advance and Pokémon on PS4

What's even more interesting?

The hacking group didn't stop with Linux. The group also managed to install an emulator for the Game Boy Advance and a version of Pokémon, dubbing it the "PlayStation Version."

Although complete details of the hack have yet to be disclosed, it seems that the hacking group exploited a WebKit flaw similar to the one recently used by a hacker named CTurt for developing a fully jailbroken version of the PlayStation 4.

Since this isn't probably the best way to play your favorite old portable games, the hacking group has control of much of the PlayStation 4 system.

Video Demonstration of the Hack

In a five-minute-long video given below, you can see how hackers installed Linux on PlayStation 4 and managed to keep many functions in working condition including WiFi, Bluetooth, optical audio, the serial port, and HDMI encoder.

The hacking group presented its PlayStation hack at the 32nd Chaos Communication Congress (32c3) conference that took place on December 30, 2015.

Sony's PlayStation 4 – the hottest-selling gaming console in the United States – has been in the market for a while now, and since its release, hackers have been tinkering with it to find a way to run unauthorized software.

Though breaking the protection on PlayStation 4 is a huge deal, a hacker who calls himself CTurt has claimed to develop a fully jailbroken version of the PlayStation 4 with the help of a kernel exploit that he previously created.

The current jailbreak allows dumping of the system RAM from other processes and installing custom firmware that can be used to run homebrew applications that aren't approved by Sony.

Of course, there is still a few other security issues to get by, but it is a foot in the door for game piracy, which can affect the gaming market as a whole.

The Twitter account of CTurt seems to indicate that currently the exploit only works for PlayStation 4 firmware version 1.76, but apparently it can be tweaked to work for more recent firmware.

CTurt successfully managed to take advantage of an exploit in PlayStation 4 v1.76 to inject an external code in the system, thereby taking control of the hardware.

Sony would certainly be unhappy with the launch of PlayStation 4 jailbreak and would be trying hard to eliminate any vulnerabilities for the most recent version of PS4 firmware.

23-year-old Todd Miller, suspected of hacking into Sony’s PlayStation Network, was due to be arrested, will spend a year on house arrest, but not for the hacking. Instead, he was sentenced yesterday in federal court for obstructing a federal investigation because he smashed his computers, halting an FBI investigation into his hacking.

The court heard that the accused was part of the hacker group KCUF, which led an attack on the PSN in 2008. Without his computers, they couldn't prove he was involved in the hacks.

The judge said that because Miller had a troubled childhood and now had stability and a full time job, that he could "see no sense" in sentencing him to prison. He said he has learned his lesson.

The PSN hack, and the dozens of copycat attacks that ensued, cost Sony and their partners millions of dollars, as well as endangering the privacy and personal financial security of more than seventy million PSN users.

U.S. District Judge Peter C. Economus sentenced Miller to one year of house arrest, three years probation, and required him to get a high school equivalency diploma. If the FBI had recovered his hard disks, Miller would have faced a $250,000 fine and up to 20 years in prison.

The PlayStation 3 has been hacked before, originally with the PSJailbreak dongle and fail0verflow, but Sony managed to fight back with Firmware 3.60 which managed to ingeniously re-secure the console. But Hackers have released a custom firmware which allows compromised consoles to log into PSN, alongside LV0 decryption keys which allow the user to bypass future security updates.

The hacker group ‘The Three Musketeers’ claims that they already had the keys for a while but decided not to publish them. The information also came into the hands of another Chinese hacking group called BlueDiskCFW which was about to release the Iv0 keys for a fee. To avoid others earning money with their hack, The Three Musketeers decided to publish the keys themselves. Here a Post by Hackers.

The team of hackers released the following announcement:

As this was a group effort, we wouldn’t normally have lost a word about it ever, but as we’re done with PS3 now anyways, we think it doesn’t matter anymore. Congratulations to the guy that leaked stuff, you, sir, are a 1337 haxx0r, jk, you’re an asshole.

People should know that crooked personalities are widespread in this so called ‘scene’. Some people try to achieve something for fun together and make the wrong decision to trust others and share their results with them, but ofc there got to be the attention seeking fame wh*** that has to leak stuff to feel a little bit better about him-/herself. Now the catch is that it works like this in every ‘scene’, just that in others it usually doesn’t come to light.The only sad thing is, that the others who worked on this won’t get the attention they deserve because they probably want to remain anonymous (also they don’t care about E-fame <3 data-blogger-escaped-br="br">

PS: This is neither about drama nor E-fame nor ‘OMG WE HAZ BEEN FIRST’, we just thought you should know that we’re disappointed in certain people. You can be sure that if it wouldn’t have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now.

- The Three Musketeers

Sony uses the Iv0 keys to protect the firmware of the Playstation 3. After update 3.60 the Iv0 keys were used to verify the software. With the release of the Iv0 keys to the web, hackers are able to modify current and future Playstation 3 firmwares. Because the Iv0 key is put into the Cell CPU during manufacturing it’s unlikely that Sony will be able to restore the protection of the Playstation 3 with a new update and with the PS3 firmware decrypted also the new PSN authentication key is easy to grab.

Lets see with Sony's upcoming official 4.30 firmware, it has found a way to block off the exploit.